US20060107319A1 - Web based automated certification and accreditation (C&A) application - Google Patents

Web based automated certification and accreditation (C&A) application Download PDF

Info

Publication number
US20060107319A1
US20060107319A1 US10/968,880 US96888004A US2006107319A1 US 20060107319 A1 US20060107319 A1 US 20060107319A1 US 96888004 A US96888004 A US 96888004A US 2006107319 A1 US2006107319 A1 US 2006107319A1
Authority
US
United States
Prior art keywords
automated
information
processes
web based
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/968,880
Inventor
Ernest Smiley
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US10/968,880 priority Critical patent/US20060107319A1/en
Publication of US20060107319A1 publication Critical patent/US20060107319A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • C&A processes assess the entire process, from information gathering through document generation.
  • the software simplifies certification and accreditation and reduces its costs by guiding users through a step-by-step process to determine risk posture and assess network and system configuration compliance with industry best practices and national and international security regulations, policies, and standards.
  • the application automatically engages the appropriate security requirements according to government and/or industry best practices.
  • the software then automatically generates the appropriate test procedures, processes the test results, produces a risk assessment, and allows the user to automatically publish a complete C&A package, including all appendices, in accordance with security standards and processes.
  • the present software invention may provide a secure network management protocol for a computer network.
  • the secure network management protocol may include a secure network management agent having a database/library and a plurality of data sources distributed throughout the computer network.
  • the secure network management protocol is provided in communication with the data sources via instrumentation entities of the components.
  • Embodiments of the present invention provides a secure network management agent for a computer network.
  • the secure network management agent receives alerts from a plurality of data sources, harmonizes the alerts and reports harmonized alerts to an application console.
  • SNMPS permits like-kind alerts from different instrumentation entities to be presented to a technician using similar formats.
  • Embodiments of the present invention provide a secure network management agent for a computer network.
  • the secure network management agent receives alerts from a plurality of data sources, harmonizes the alerts and reports harmonized alerts to an application console.
  • FIG. 1 illustrates secure network management communications between TCP/IP, SNMP and SNMPS. This illustration provides a platform for communications between computer equipment, network devices and interfaces to telecommunications.
  • FIG. 2 provides an illustration of current SNMP technology communicating with SNMPS over an IP network. This process an integrate platform for current (HP Openview, E-Trust, Firewalls, and VPN) technology and processes to communicate with SNMPS platform.
  • HP Openview, E-Trust, Firewalls, and VPN an integrate platform for current
  • FIG. 1 is a block diagram of an exemplary of secure management protocol communicating with SNMP, TCP/IP and the Internet with an embodiment of the present invention.
  • FIG. 2 is a block diagram of a secure network management protocol system communicating with TCP/IP network and new technology constructed in accordance with an embodiment of the present invention.

Abstract

A web based automated C&A application that communicates with Computer Emergency Response Team (CERT), National Institute of Standards and Technology (NIST) and Tripwire (current security organizations) to support real-time security management and processes. Without automated C&A processes, organizations have developed multiple methodologies and acquired software tools that may or may not provide the detailed guidance for systems analysis required from an information security (IS) perspective. C&A relates to the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit. C&A also analyzes protection against such failures as denial of service to authorized users, unauthorized access, and agency capabilities to detect and document threats. Automated certification process reduces reliance on human intervention, in addition to providing labor and cost savings.

Description

    BACKGROUND
  • The lack of centralized standardization and automation of C&A processes has led the Information Technology Security community to develop separate methodologies and acquire tools that may or may not provide the detailed guidance needed to analyze systems from an information systems security perspective. Automated C&A applications assess the entire process, from information gathering through document generation. The software simplifies certification and accreditation and reduces its costs by guiding users through a step-by-step process to determine risk posture and assess network and system configuration compliance with industry best practices and national and international security regulations, policies, and standards. The application automatically engages the appropriate security requirements according to government and/or industry best practices. The software then automatically generates the appropriate test procedures, processes the test results, produces a risk assessment, and allows the user to automatically publish a complete C&A package, including all appendices, in accordance with security standards and processes.
    • SUMMARY
  • According to an embodiment, the present software invention may provide a secure network management protocol for a computer network. The secure network management protocol may include a secure network management agent having a database/library and a plurality of data sources distributed throughout the computer network. The secure network management protocol is provided in communication with the data sources via instrumentation entities of the components.
    • DETAILED DESCRIPTION
  • Embodiments of the present invention provides a secure network management agent for a computer network. The secure network management agent receives alerts from a plurality of data sources, harmonizes the alerts and reports harmonized alerts to an application console. SNMPS permits like-kind alerts from different instrumentation entities to be presented to a technician using similar formats.
  • Embodiments of the present invention provide a secure network management agent for a computer network. The secure network management agent receives alerts from a plurality of data sources, harmonizes the alerts and reports harmonized alerts to an application console.
  • FIG. 1 illustrates secure network management communications between TCP/IP, SNMP and SNMPS. This illustration provides a platform for communications between computer equipment, network devices and interfaces to telecommunications.
  • FIG. 2 provides an illustration of current SNMP technology communicating with SNMPS over an IP network. This process an integrate platform for current (HP Openview, E-Trust, Firewalls, and VPN) technology and processes to communicate with SNMPS platform.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram of an exemplary of secure management protocol communicating with SNMP, TCP/IP and the Internet with an embodiment of the present invention.
  • FIG. 2 is a block diagram of a secure network management protocol system communicating with TCP/IP network and new technology constructed in accordance with an embodiment of the present invention.

Claims (1)

1. A web based automated certification and accreditation application, comprising:
1. C&A protection mechanisms and safeguards that are designed and integrated into the system and/or subsystems.
2. C&A decisions that ensure against costly retrofits and delays in fielding deploying operational information systems.
US10/968,880 2004-10-21 2004-10-21 Web based automated certification and accreditation (C&A) application Abandoned US20060107319A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/968,880 US20060107319A1 (en) 2004-10-21 2004-10-21 Web based automated certification and accreditation (C&A) application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/968,880 US20060107319A1 (en) 2004-10-21 2004-10-21 Web based automated certification and accreditation (C&A) application

Publications (1)

Publication Number Publication Date
US20060107319A1 true US20060107319A1 (en) 2006-05-18

Family

ID=36388000

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/968,880 Abandoned US20060107319A1 (en) 2004-10-21 2004-10-21 Web based automated certification and accreditation (C&A) application

Country Status (1)

Country Link
US (1) US20060107319A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080172716A1 (en) * 2006-09-12 2008-07-17 Rajesh Talpade IP network vulnerability and policy compliance assessment by IP device analysis
WO2009011925A1 (en) * 2007-07-19 2009-01-22 Depalma Mark S Systems and methods for accumulating accreditation
US9817978B2 (en) 2013-10-11 2017-11-14 Ark Network Security Solutions, Llc Systems and methods for implementing modular computer system security solutions

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020029280A1 (en) * 1996-07-30 2002-03-07 Holden James M. Mixed enclave operation in a computer network
US20020042687A1 (en) * 2000-08-09 2002-04-11 Tracy Richard P. System, method and medium for certifying and accrediting requirements compliance
US20070180490A1 (en) * 2004-05-20 2007-08-02 Renzi Silvio J System and method for policy management

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020029280A1 (en) * 1996-07-30 2002-03-07 Holden James M. Mixed enclave operation in a computer network
US20020042687A1 (en) * 2000-08-09 2002-04-11 Tracy Richard P. System, method and medium for certifying and accrediting requirements compliance
US20070180490A1 (en) * 2004-05-20 2007-08-02 Renzi Silvio J System and method for policy management

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080172716A1 (en) * 2006-09-12 2008-07-17 Rajesh Talpade IP network vulnerability and policy compliance assessment by IP device analysis
WO2009011925A1 (en) * 2007-07-19 2009-01-22 Depalma Mark S Systems and methods for accumulating accreditation
WO2009011916A1 (en) * 2007-07-19 2009-01-22 Depalma Mark S Systems and methods for accumulating accreditation
US20100217718A1 (en) * 2007-07-19 2010-08-26 Depalma Mark S Systems and methods for accumulating accreditation
US9817978B2 (en) 2013-10-11 2017-11-14 Ark Network Security Solutions, Llc Systems and methods for implementing modular computer system security solutions

Similar Documents

Publication Publication Date Title
US10091220B2 (en) Platform for protecting small and medium enterprises from cyber security threats
US7818249B2 (en) Object-oriented method, system and medium for risk management by creating inter-dependency between objects, criteria and metrics
Montesino et al. Information security automation: how far can we go?
CN107809433B (en) Asset management method and device
Tsohou et al. A security standards' framework to facilitate best practices' awareness and conformity
CN105139139A (en) Data processing method, device and system for operation and maintenance audit
Bidou Security operation center concepts & implementation
Mutemwa et al. Integrating a security operations centre with an organization’s existing procedures, policies and information technology systems
Terplan Intranet performance management
US8307219B2 (en) Enterprise black box system and method for data centers
KR20120016732A (en) Cloud computing system and method for security management for each tenant in multi-tenancy environment
US20060107319A1 (en) Web based automated certification and accreditation (C&A) application
Dun et al. Grasp on next generation security operation centre (NGSOC): Comparative study
WO2007072483A2 (en) A security assessment method for use by security and cip professionals
Tello-Oquendo et al. A Structured Approach to Guide the Development of Incident Management Capability for Security and Privacy.
Dean et al. Toward a Zero Trust Architecture Implementation in a University Environment
Sievierinov et al. Enterprise Security Operations Center
Welberg Vulnerability management tools for COTS software-A comparison
Vulfin et al. The architecture of the web application for protected access to the informational system of processing critically important information
Neises et al. Trustworthiness in Supply Chains: A Modular Extensible Approach Applied to Industrial IoT
Wei et al. On protecting industrial automation and control systems against electronic attacks
Pilgermann et al. Towards sector specific security operation
Topala Cybersecurity system for enterprise telecommunications resources
Caldeira Security Information and Event Management (SIEM) Implementation Recommendations to Enhance Network Security
Napiórkowski et al. A security subsystem design for a secret registry using RFID solutions

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION